Legacy firewall migrate routines and export fw rules.

2025-08-26 13:21:14 +00:00 · 2024-03-04 12:58:33 -03:00
parent de073a4795
commit b6a7cdaac9
14 changed files with 406 additions and 112 deletions
--- a/wireguard/forms.py
+++ b/wireguard/forms.py
@@ -30,6 +30,9 @@ class WireGuardInstanceForm(forms.ModelForm):
        hostname = cleaned_data.get('hostname')
        address = cleaned_data.get('address')
        netmask = cleaned_data.get('netmask')
+        post_up = cleaned_data.get('post_up')
+        post_down = cleaned_data.get('post_down')
+
        peer_list_refresh_interval = cleaned_data.get('peer_list_refresh_interval')
        if peer_list_refresh_interval < 10:
            raise forms.ValidationError('Peer List Refresh Interval must be at least 10 seconds')
@@ -46,5 +49,13 @@ class WireGuardInstanceForm(forms.ModelForm):
            if current_network.overlaps(other_network):
                raise forms.ValidationError(f"The network range {current_network} overlaps with another instance's network range {other_network}.")

+        #if self.instance:
+        #    if post_up or post_down:
+        #        if self.instance.post_up != post_up or self.instance.post_down != post_down:
+        #            raise forms.ValidationError('Post Up and Post Down cannot be changed, please go to Firewall page to make changes to the firewall.')
+        #else:
+        #    if post_up or post_down:
+        #        raise forms.ValidationError('Post Up and Post Down cannot be set, please go to Firewall page to make changes to the firewall.')
+            
        return cleaned_data

--- a/wireguard/migrations/0019_alter_wireguardinstance_legacy_firewall.py
+++ b/wireguard/migrations/0019_alter_wireguardinstance_legacy_firewall.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-03-04 12:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('wireguard', '0018_wireguardinstance_legacy_firewall'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='wireguardinstance',
+            name='legacy_firewall',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/wireguard/models.py
+++ b/wireguard/models.py
@@ -59,7 +59,7 @@ class WireGuardInstance(models.Model):
    dns_primary = models.GenericIPAddressField(unique=False, protocol='IPv4', default='1.1.1.1')
    dns_secondary = models.GenericIPAddressField(unique=False, protocol='IPv4', default='1.0.0.1', blank=True, null=True)
    pending_changes = models.BooleanField(default=True)
-    legacy_firewall = models.BooleanField(default=True)
+    legacy_firewall = models.BooleanField(default=False)

    created = models.DateTimeField(auto_now_add=True)
    updated = models.DateTimeField(auto_now=True)
--- a/wireguard/views.py
+++ b/wireguard/views.py
@@ -31,25 +31,27 @@ def generate_instance_defaults():
        instance_id = new_instance_id
        interface_name = f"wg{instance_id}"

-        post_up_script = (
-            f"iptables -t nat -A POSTROUTING -s {network} -o eth0 -j MASQUERADE\n"
-            f"iptables -A INPUT -p udp -m udp --dport {port} -j ACCEPT\n"
-            f"iptables -A FORWARD -i {interface_name} -o eth0 -d 10.0.0.0/8 -j REJECT\n"
-            f"iptables -A FORWARD -i {interface_name} -o eth0 -d 172.16.0.0/12 -j REJECT\n"
-            f"iptables -A FORWARD -i {interface_name} -o eth0 -d 192.168.0.0/16 -j REJECT\n"
-            f"iptables -A FORWARD -i {interface_name} -j ACCEPT\n"
-            f"iptables -A FORWARD -o {interface_name} -j ACCEPT"
-        )
+        #post_up_script = (
+        #    f"iptables -t nat -A POSTROUTING -s {network} -o eth0 -j MASQUERADE\n"
+        #    f"iptables -A INPUT -p udp -m udp --dport {port} -j ACCEPT\n"
+        #    f"iptables -A FORWARD -i {interface_name} -o eth0 -d 10.0.0.0/8 -j REJECT\n"
+        #    f"iptables -A FORWARD -i {interface_name} -o eth0 -d 172.16.0.0/12 -j REJECT\n"
+        #    f"iptables -A FORWARD -i {interface_name} -o eth0 -d 192.168.0.0/16 -j REJECT\n"
+        #    f"iptables -A FORWARD -i {interface_name} -j ACCEPT\n"
+        #    f"iptables -A FORWARD -o {interface_name} -j ACCEPT"
+        #)

-        post_down_script = (
-            f"iptables -t nat -D POSTROUTING -s {network} -o eth0 -j MASQUERADE\n"
-            f"iptables -D INPUT -p udp -m udp --dport {port} -j ACCEPT\n"
-            f"iptables -D FORWARD -i {interface_name} -o eth0 -d 10.0.0.0/8 -j REJECT\n"
-            f"iptables -D FORWARD -i {interface_name} -o eth0 -d 172.16.0.0/12 -j REJECT\n"
-            f"iptables -D FORWARD -i {interface_name} -o eth0 -d 192.168.0.0/16 -j REJECT\n"
-            f"iptables -D FORWARD -i {interface_name} -j ACCEPT\n"
-            f"iptables -D FORWARD -o {interface_name} -j ACCEPT"
-        )
+        #post_down_script = (
+        #    f"iptables -t nat -D POSTROUTING -s {network} -o eth0 -j MASQUERADE\n"
+        #    f"iptables -D INPUT -p udp -m udp --dport {port} -j ACCEPT\n"
+        #    f"iptables -D FORWARD -i {interface_name} -o eth0 -d 10.0.0.0/8 -j REJECT\n"
+        #    f"iptables -D FORWARD -i {interface_name} -o eth0 -d 172.16.0.0/12 -j REJECT\n"
+        #    f"iptables -D FORWARD -i {interface_name} -o eth0 -d 192.168.0.0/16 -j REJECT\n"
+        #    f"iptables -D FORWARD -i {interface_name} -j ACCEPT\n"
+        #    f"iptables -D FORWARD -o {interface_name} -j ACCEPT"
+        #)
+        post_up_script = ''
+        post_down_script = ''

    return {
        'name': '',